Job Title

Role SummaryWe are seeking an experienced L1 SOC Analyst (3–5 years) to perform real-time Eyes on Glass monitoring and first-level incident triage within our Security Operations Center. The role requires hands-on experience with SIEM, EDR, DLP, and network security tools, strong analytical skills, and a disciplined approach to SOP-driven incident handling. You will be the first line of defense responsible for validating threats, escalating incidents, and ensuring timely response to security events.Key Responsibilities1. Real-Time Monitoring (Eyes on Glass)Continuous monitoring of security events across SIEM platforms such as Azure Sentinel, Splunk ES, Google SecOps (formerly Chronicle), QRadar.Identify anomalies, suspicious behavior, and early indicators of compromise.Maintain situational awareness of enterprise threat posture during the shift.2. Alert Triage & Incident Escalation (L1 Scope)Perform initial triage of alerts related to malware, phishing, endpoint anomalies, lateral movement, access abuse, and network-based threats.Differentiate true positives from false positives through log correlation and event validation.Escalate verified incidents to L2/L3 teams as per incident playbooks and SLAs.Document investigations thoroughly within ServiceNow, Jira, Freshservice, or similar ITSM systems.3. Endpoint & Network Security SupportMonitor and respond to signals from EDR tools such as CrowdStrike, Carbon Black, Microsoft Defender.Review firewall, IDS/IPS, and proxy logs (Palo Alto, Fortinet, Cisco, Snort/Suricata).Support initial containment steps under supervision—isolating endpoints, blocking malicious domains/IPs, disabling accounts, etc.4. DLP, Access & Cloud Security OversightMonitor DLP alerts via Forcepoint, Microsoft Purview, or equivalent solutions.Validate RBAC violations, privilege escalations, and suspicious access attempts.Review cloud-specific alerts in Azure Security Center, API security dashboards, and identity protection tools.5. Reporting, Compliance & DocumentationPrepare incident summaries, shift handover reports, and event logs with clear timelines and evidence.Follow SOPs aligned to compliance frameworks such as ISO 27001, HIPAA, GDPR.Participate in monthly/quarterly reporting related to SOC performance, incident trends, and false positive reduction.6. Continuous ImprovementContribute to SIEM rule tuning, alert optimization, and detection enhancements.Support development of SOC playbooks, detection use cases, and knowledge-base content.Stay current with threat landscapes, MITRE ATT&CK techniques, malware trends, and cloud security patterns.Required Skills & Competencies1. Technical SkillsHands-on experience with SIEM platforms: Splunk ES, Azure Sentinel, Google SecOps (Chronicle), QRadar.Strong understanding of EDR tools: CrowdStrike, Carbon Black, Microsoft Defender.Exposure to DLP tools such as Forcepoint, Microsoft DLP, or Symantec DLP.Familiarity with:IDS/IPS systemsFirewall logs & network telemetryRBAC, access control & authentication mechanismsMalware/phishing analysis basicsCloud security fundamentals (Azure preferred)2. Soft SkillsStrong analytical mindset and attention to detail.Effective communication skills for escalation and reporting.Ability to work in a 24x7 SOC with high operational discipline.Team player with strong documentation habits.Experience & Qualifications3–5 years of hands-on experience in SOC operations, security monitoring, or incident response.Bachelor’s degree in Computer Science, Information Security, or related field.Preferred certifications: SC-200, AZ-900, Security+, CySA+, CEH.